Boletines de Vulnerabilidades

MSA-23-0039: XSS risk when previewing data in course upload tool

Información sobre el sistema

Software afectado PHP


by Michael Hawkins. The course upload preview contained an XSS risk for users uploading unsafe data.Severity/Risk:MinorVersions affected:4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versionsVersions fixed:4.2.3, 4.1.6, 4.0.11, 3.11.17 and 3.9.24Reported by:Paul HoldenWorkaround:Verify the contents and trustworthiness of course data before uploading it.CVE identifier:CVE-2023-5547Changes

More info:

Identificadores estándar

Propiedad Valor
CVE CVE-2023-5547.

Histórico de versiones

Versión Comentario Data
Ministerio de Defensa